You need to log in using your Super Administrator role to manage user access control. When you create a user account, you can assign a user with one or more roles or you can also modify the user settings after you create the user.
Types of user roles and their access controls
Table 9. Types of user roles and their access controls
User Role
Role Definition
Access Control Ares
Super Administrator
Access to all the features
Dashboard > Executive
Dashboard > Security
Dashboard > IT Ops
Inventory
Inventory > Save search
Inventory > Apply tag
Inventory > Suggest reclassification
Inventory > Report generation
Investigate
Policy
Policy > Create policy
Policy > Blocked devices
Manage > Scans
Manage > Assets
Manage > Users
Manage > Sites and regions
Manage > Tags and groups
Manage > Integration
Manage >Configuration
Reporting > Saved searches
Reporting > Reports
Reporting > Reclassification requests
Network Administrator
Access to network features of the product
Dashboard > Executive
Inventory
Inventory > Save search
Inventory > Apply tag
Inventory > Suggest reclassification
Inventory > Report generation
Investigate
Policy
Policy > Create policy
Policy > Blocked devices
Manage > Scans
Manage > Assets
Manage > Sites and regions
Manage > Tags and groups
Manage > Integration
Manage >Configuration
Reporting > Saved searches
Reporting > Reports
Security Administrator
Access to security features of the product
Dashboard > Executive
Dashboard > Security
Inventory
Inventory > Save search
Inventory > Apply tag
Inventory > Suggest reclassification
Inventory > Report generation
Investigate
Policy
Policy > Create policy
Policy > Blocked devices
Manage > Scans
Manage > Assets
Manage > Sites and regions
Manage > Tags and groups
Manage > Integration
Manage >Configuration
Reporting > Saved searches
Reporting > Reports
IT Administrator
Access to IT features of the product
Dashboard > Executive
Dashboard > IT Ops
Inventory
Inventory > Save search
Inventory > Apply tag
Inventory > Suggest reclassification
Inventory > Report generation
Investigate
Policy
Policy > Blocked devices
Manage > Scans
Manage > Assets
Manage > Sites and regions
Manage > Tags and groups
Manage > Integration
Manage >Configuration
Reporting > Saved searches
Reporting > Reports
Super Reader
Access to only read in the defined scope
Dashboard > Executive
Dashboard > Security
Dashboard > IT Ops
Inventory
Inventory > Save search
Inventory > Report generation
Investigate
Policy
Policy > Blocked devices
Reporting > Saved searches
Reporting > Reports
Scope Based Access Control for Users
When creating a user, in addition to the role, you can also assign the scope for the user. The scope is based on sites and regions in Device Intelligence tenants and you can assign one or more sites and regions when creating the user. The Super Administrator and Super Reader roles does not have any scope based restrictions. Only Super Administrator users can provide scope based access control.
Single Sign-On (SSO) Users
For single sign-on (SSO) users who use external identity providers (IdP) such as Okta, Active Directory, etc for authentication, authorization will depend on role mappings. By default, all SSO users will be mapped to the Super Reader role and have access to all the sites. Super Administrator can modify the default role and scope based access control for SSO Users.
